Dinky OpenAPI Authentication Bypass and Privilege Escalation Vulnerability

Thinking Process: 1. Analyze the Request: Task: Translate a Chinese vulnerability intelligence summary to English. Role: Professional translator specializing in cybersecurity. Constraint 1: Maintain all Markdown formatting intact. Constraint 2: Do not add any introductory or concluding remarks. Input: A Markdown formatted text describing a vulnerability in "Dinky". 2. Analyze the Input Text: Title: 漏洞关键信息 (Vulnerability Key Information) Section 1: 漏洞名称 (Vulnerability Name) -> Authentication Bypass with Automatic Privilege Escalation in Dinky (Already in English in the input, but I should ensure consistency). Section 2: 受影响的环境 (Affected Environment) -> Project, Repository, Affected Version. Section 3: 执行摘要 (Executive Summary) -> Describes the auth bypass in OpenAPI endpoints. Section 4: 漏洞详细信息 (Vulnerability Details) 问题描述 (Problem Description) 脆弱代码逻辑 (Vulnerable Code Logic) -> Java code snippet. 技术细节 (Technical Details) -> File, Function/Line, Attack Vector. 受影响的端点 (Affected Endpoints) -> List of API endpoints. Section 5: 影响分析 (Impact Analysis) -> Confidentiality, Integrity, Availability, CVSS v3.1 Assessment. Section 6: 概念验证（PoC） (Proof of Concept) -> Mentions replication steps. Section 7: 修复建议 (Remediation Recommendations) -> Immediate fix, Recommended hardening measures. 3. Translation Strategy: Terminology: Use standard cybersecurity terminology (e.g., "Authentication Bypass", "Privilege Escalation", "Confidentiality", "Integrity", "Availability", "CVSS", "PoC", "Hardening measures"). Formatting: Keep headers ( , , ), lists ( , ), code blocks ( markdown Vulnerability Key Information Vulnerability Name - Authentication Bypass with Automatic Privilege Escalation in Dinky Affected Environment - Project: Dinky - Repository: https://github.com/DataLinkDC/dinky - Affected Version: 1.2.5 Executive Summary Dinky's OpenAPI endpoints contain a severe authentication bypass vulnerability, allowing unauthenticated users to fully control the platform without authentication, execute arbitrary tasks, cancel production jobs, export sensitive SQL source code, and access all administrative functions. Vulnerability Details - Problem Description - The vulnerability stems from an incorrect authentication check in the Sa-Token interceptor configuration within the file (lines 78-82). When an unauthenticated user requests any endpoint under the path, the interceptor incorrectly escalates permissions to super administrator privileges instead of rejecting the request. - Vulnerable Code Logic - This is a logic error; it was intended to verify administrator privileges but incorrectly grants administrator privileges to unauthenticated users. - Technical Details - Vulnerable File: dinky-admin/src/main/java/org/dinky/configure/AppConfig.java - Vulnerable Function/Line: addInterceptors() method, lines 78-82 - Attack Vector: Network (Unauthenticated HTTP Requests) - Affected Endpoints - All endpoints, including but not limited to: - POST /openapi/submitTask - GET /openapi/cancelTask - GET /openapi/restartTask - POST /openapi/savepoint - POST /openapi/explainSql - GET /openapi/exportSql Impact Analysis - Confidentiality: High - Attackers can export sensitive SQL source code, access all task instance data and all administrative configurations without authentication. - Integrity: High - Unauthorized users can submit malicious tasks, execute SQL queries, modify configurations, and tamper with administrative settings. - Availability: High - Attackers can cancel all production jobs simultaneously, causing a complete service outage of the real-time computing platform. - CVSS v3.1 Assessment: 10.0 (Critical) - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Changed - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High Proof of Concept (PoC) Reproduction Steps provide several attack scenarios, such as submitting malicious tasks, canceling production jobs, and exporting SQL code. Remediation Recommendations - Immediate Fix: Remove the code that automatically escalates privileges. - Recommended Hardening Measures: 1. Implement API Token authentication. 2. Add method-level authorization. 3. Network security measures. 4. Monitoring and detection mechanisms. java Bold: text Links: text Ready. Wait, one small thing: "影响范围：改变全部应用安全". In CVSS 3.1, Scope is a binary value (U or C). "Changed" is the English term for C. The Chinese says "Changes entire application security". I will translate it as "Scope: Changed" to be professional, as "Impact Scope" isn't the standard CVSS field name (it's just "Scope"). However, to be safe and faithful to the text provided, I might translate it as "Scope: Changed (Affects entire application security)". But standard practice is just "Scope: Changed". I'll stick to "Scope: Changed" for professionalism. Actually, looking at the source text structure, it lists the metric and the value. Metric: 影响范围 (Scope) Value: 改变全部应用安全 (Changed) I

Goal Reached Thanks to every supporter — we hit 100%!

Dinky OpenAPI Authentication Bypass and Privilege Escalation Vulnerability

More from this source